The Security Failures of Online Exam Proctoring

Proctoring an online exam is hard. It’s hard to be sure that the student isn’t cheating, maybe by having reference materials at hand, or maybe by substituting someone else to take the exam for them. There are a variety of companies that provide online proctoring services, but they’re uniformly mediocre:

The remote proctoring industry offers a range of services, from basic video links that allow another human to observe students as they take exams to algorithmic tools that use artificial intelligence (AI) to detect cheating.

But asking students to install software to monitor them during a test raises a host of fairness issues, experts say.

“There’s a big gulf between what this technology promises, and what it actually does on the ground,” said Audrey Watters, a researcher on the edtech industry who runs the website Hack Education.

“(They) assume everyone looks the same, takes tests the same way, and responds to stressful situations in the same way.”

The article discusses the usual failure modes: facial recognition systems that are more likely to fail on students with darker faces, suspicious-movement-detection systems that fail on students with disabilities, and overly intrusive systems that collect all sorts of data from student computers.

I teach cybersecurity policy at the Harvard Kennedy School. My solution, which seems like the obvious one, is not to give timed closed-book exams in the first place. This doesn’t work for things like the legal bar exam, which can’t modify itself so quickly. But this feels like an arms race where the cheater has a large advantage, and any remote proctoring system will be plagued with false positives.

Posted on November 11, 2020 at 10:25 AM • 18 Comments

Comments

Wilhelm Tell November 11, 2020 11:03 AM

The problem is that you target 100% of the students. There is no perfect solution. It is enough to hit somewhere about 80% and the rest is called to a classroom exam.

In any case each and everyone must be called to a classroom exam at least once a term so it becomes impossible just to „buy your way through“.

zero November 11, 2020 11:37 AM

“(They) assume everyone looks the same, takes tests the same way, and responds to stressful situations in the same way.”

This is the typical problem with an astonishing number of technical solutions — too much assumption of a “one size fits most”, and little recognition of (much less accounting for) edge cases, where the assumptions don’t work.

Even for something as now common as self-serve checkouts at supermarkets, there’s far too many people for whom those are simply unworkable, ranging from people with physical disabilities to things like ADHD or dyslexia that may be significantly challenged in following a sequence of procedural instructions, especially when working around the extra things imposed by the theft prevention controls.

To me, this is a place where AI systems often fall short, when they encounter conditions that aren’t anticipated by the algorithms.

Sherman Jay November 11, 2020 1:16 PM

This is an important issue Bruce brings up. There are many who find ‘remote/online proctoring’ a BIG problem:

https://www.forbes.com/sites/seanlawson/2020/04/24/are-schools-forcing-students-to-install-spyware-that-invades-their-privacy-as-a-result-of-the-coronavirus-lockdown/

https://www.nbcnews.com/think/opinion/remote-testing-monitored-ai-failing-students-forced-undergo-it-ncna1246769

https://www.registercitizen.com/news/article/Remote-education-is-rife-with-threats-to-student-15706983.php

https://www.abajournal.com/web/article/due-to-technology-concerns-software-provider-pulls-out-of-remotely-proctored-bar-exams

Remote Exam Software Is Crashing When the Stakes Are the …
https://themarkup.org/coronavirus/2020/10/13/remote-exam-software-failures-privacy
In 2015, the company agreed to pay more than $2 million to settle a class action suit after software failures affected the bar exams in 43 states. At the time, the situation spawned a catchy epithet: “barmageddon.” The company declined to comment on those incidents. And this year, two states with contracts with the proctoring company ILG Technologies, Indiana and Nevada, postponed their …

Clive Robinson November 11, 2020 1:17 PM

@ Bruce, ALL,

There are a variety of companies that provide online proctoring services, but they’re uniformly mediocre:

I would not be as nice as to say “mediocre”…

Some systems are just “key word searches” so you could type in any old garbage as long as it’s got sufficient keywords you pass, and can pass very well, even with the garbage being entirely random words…

None of the systems I’ve seen that work on “typed answers only” can in any way reliably tell the difference between good work and so-so work, because they do not “comprehend”. To be honest I’m tired about hearing of the “wonders of AI” as spouted by marketing people. You can almost replace AI with blockchain to see the same “wonders of…” sales pitch nonsense from a few years back.

Whilst there is argument over what the aims and objectives of exams are, that is, are you looking for ability to memorize and regurgitate or think logically or creatively, it is rather beside the point currently.

The reason for the growth in electronic proctoring is the way people who hold the funds see education. Too many want to get rid of teachers as they are seen as expensive and in many Universities now they are being replaced by either on-line lessons or worse still the better students from a year or two above.

The point is as I know from having sat on both sides, is that education is a two way street. That is yes the students learn from the teacher, but also the teacher learns from the students. It is that second direction of learning that bureaucrats neither understand nor acknowledge which is unfortunate especially as some of them bang on at length about “life long learning”.

In most cases these days “exams” would be better replaced with “projects” which involve memorizing, learning, thinking, and applying them all to the final outcome.

But the same bureaucrats need to understand that the most important lessons are based not on “success” but “failure”. If you design and build something and it works you’ve essentially learnt nothing from the process. However if you design something and it does not work, that’s when you start to learn as you fix the problems each one adds to your knowledge, thus you expand and grow.

When I used to teach, I used to challenge the students “to find the answers” with a little guidance when things got tough, usually by asking them questions. Written exams don’t show this, multiple choice generally show nothing other than fact memorising.

We as a society need to decide what we want out of our learning system, and the answer had better not be “Earn a lot of Money”, which is what politicians tend to think. Because at the root of cheating that is one of the primary reasons people cheat.

The problem is that if the answer is “creativity” which is what it probably should be[1], then how do you test for it?

A computer can not reliably test itself to just follow rules, so how we expect it to comprehend creativity, I have no idea, and I suspect the same is true for everyone else that comes to this blog.

These current on-line proctoring systems are all about diverting tax money away from education and into the pockets of those who are little better than con artists. The sooner people realise this the sooner they have the chance to improve their children’s and other children’s education. Which is not altruistic thinking but plain simple selfish logic. Because who else is going to pay my pension etc?

[1] Jobs that lack a creative process or ones not requiring comprehension can be automated, which is what is happening and has been since the division in labour in pin making.

xcv November 11, 2020 2:59 PM

I failed a couple of exams. I tried to go to work in the financial industry some time ago.

Failed Level II on a 9-level sequence before these were restructured https://www.soa.org/education/exam-req/edu-fsa-req/

Tried something different in a different area. I failed Level II in this series as well.

https://www.cfainstitute.org/en/programs/cfa/exam

Both cases were a “brotherhood” failure, neither a technical failure of knowledge, nor any particular accusations or allegations of dishonesty or unethical behavior on my part.

I can’t be a “fellow” or receive a “charter” from people like that. It’s considered fraternization or buddy-buddying with the wrong crowd from a military perspective — it’s an extremely tight “system” that shut me out entirely and intentionally on their part failed to leave me any other options to earn or make a living.

I am left on social welfare benefits and at least I’m not in prison, for which I am supposed to count myself lucky despite all the unjustified and horrible slander on my record.

The existence of a “remote proctoring industry [that] offers a range of services” tells me all I need to know.

Clive Robinson November 11, 2020 4:18 PM

@ David Leppik,

you’re confusing proctoring with grading. AI doesn’t work for either of them.

Proctoring originally meant to supervise the collection of tithes for the Church or Monarchy. Over time in England the term has migrated via the legal system to one who ensures discipline is enforced. It only gets used as a title/job in the functioning of state, church and the Universities that used to be strongly related to Monarch or Church (ie not the “red bricks”).

Over in the US however it appears the scope had narrowed from enforcing all discipline in a University, to just that surrounding examinations. Where it has expanded scope to include nearly all things related to the administration of exams including the marking of them. Initially just multichoice questions that were “marked” by what are effectively tabulating machines but now all computer related issues to do with examinations. That is these companies are selling a “nose to tail” process over the entire exam process.

In England there has in times past been a distinction between “marking” and “grading”.

Where marking is what you do to homework and exams as a process to produce results. It’s the results amongst other things that go towards “grading” a student’s abilities.

With that nose to tail service ethos the proctoring companies are getting involved in not just ensuring cheating is minimized to some criteria but maintaining students’ grades, as well as marking exams electronically where they can be. It’s this expansionist “can do” mentality backed up by the notion of “not leaving money on the table” that is driving forward the “extras”.

vas pup November 11, 2020 4:25 PM

@xcv • November 11, 2020 3:52 PM
Thank you for your post even not directly related to the subject.
When Founding Fathers were thinking about separation of power and checks and balances they did miss the point when all three branches could be controlled by the same political party. In this case there are no balances and the system is one-sided.
So, if POTUS is going to Dems, then it is good to have Senate controlled by Republicans in order that system work, i.e. both sides will be forced to seek compromise which is good.

@Clive – I share many of your thoughts. On the other hand current education as certification of the knowledge is not working properly. Even under assumption that both graduates are with the same credentials, there are many factors NOT related to personal merits (nice looking face, demographics, parents connection, money donated, etc.) which never ever create level field.
The only way is not to seek appreciation (money) from employer (private or not) but rather utilize your own knowledge and skills if they are behind your Diploma to start your OWN business: be your own boss.
In this case if you win, YOU reap all benefits, but if you screw up, You suffer all losses. That is only fair game.

KeithB November 11, 2020 4:33 PM

@vas pup:
“then it is good to have Senate controlled by Republicans in order that system work, i.e. both sides will be forced to seek compromise which is good.”

Yeah, that worked out so well for the Obama administration [rolls eyes].

vas pup November 11, 2020 4:58 PM

@KeithB • November 11, 2020 4:33 PM

That happened when elected officials stay for so long in the office that they really forget the purpose of them being elected: to serve people, not lobbyists.

And I hope they did learn their lesson.

xcv November 11, 2020 5:55 PM

@vas pup

@xcv • November 11, 2020 3:52 PM
Thank you for your post even not directly related to the subject.

It may have been modded out for political stumping. The host may prefer not to tread those waters.

be your own boss.
In this case if you win, YOU reap all benefits, but if you screw up, You suffer all losses. That is only fair game.

The tough part with this is getting other people to mind their own business even if they are not involved in your business, and maintaining adequate security without arms or civil rights to prevent them from imputing their failures to your life.

John November 11, 2020 6:51 PM

Proctoring doesn’t work all that well with in-person tests. It’s way too easy to cheat in-person.

Over the years, I’ve seen a lot of kids who didn’t cheat get punished and railroaded. It’s not enough not to cheat. It’s your word against the professor’s, and you have to be able to prove your innocence to a stacked review board. It’s so bad out there that my advice is to hire a lawyer and sue the university as your opening move if you’re ever accused.

Now with Remote proctoring, it’s gotten a lot worse. Far easier to cheat. Look at the spyware. Minicameras. Earwigs. Apple watch. A spare tablet behind the monitor.

And it’s correspondingly harder to prove you didn’t cheat when accused, often by not much better than random-chance AI algorithms. You really need to know what these algorithms are looking for, as in how to cheat, to avoid getting accused.

metaschima November 12, 2020 12:08 PM

I think this issue has just hit home with COVID-19. Now is when we kinda need good online proctoring. However, people seem confused on the issue. How can you administer a proctored exam in someone’s home and not violate their privacy? It seems like this is not going to happen. You have to either assume that they are using a book or notes, or you have to violate their privacy. I would go with the former. Just make it open book and I suppose put a reasonable time limit on it.

Clive Robinson November 12, 2020 11:16 PM

@ metaschima,

Just make it open book and I suppose put a reasonable time limit on it.

Would be my favoured path if exams are to be used, as it would produce a more “life like” valuation of the student (going down the submitted project / thesis route without examinations would be better yet and the next logical step).

However, it is far from immune to “collusion” or “assistance” issues. Worse it definitely needs a high level of comprehension from the system[1] to meet most university “honour codes”[2].

What the pure closed book exam proctoring / invigilation aspect is trying to do is actually directly related to the impossibility of stopping end to end encryption as both can only stand a chance of working in a fully controlled environment. Something that we know has not worked where security is in a “cost no object” National Security environment.

As I noted before such closed book exams really do not test the qualities of a student other than their ability to remember a whole load of statements usually of little worth (like the order of monarchs and the dates they came to the throne etc which is fairly pointless). It’s only in a very small minority of “pure” science subjects where the student can be tested in closed book exams for anything other than memorized information, and often that only tests the ability to use maths or rule sets as tools. Which generally is not that useful in the modern working environment.

But even with projects there are collusion and assistance issues… A few years back the UK school qualifications in computer science got thrown into a tail spin. Someone put up the exam project questions on the internet and it quickly spread around to various websites where people give others help. In effect the world answered the question in so many different ways that checking a student’s work had not in effect been downloaded and tweaked a little was not realistically possible… So the major part of the qualification got suspended.

Now we have COVID-19 giving rise to similar problems, and those who believe themselves in charge are “stumped”. So like all politicians who have no clue as to what to do, they fall back on pointless “reorganisation”[3] and “magic pixie dust thinking”.

The current pixie dust being “AI” sold preserved in the snake oil of these proctoring / invigilating systems that even when they massively invade a student’s privacy fail to control the environment the student is in sufficiently to stop collusion etc. But do throw up sufficient false positives to ruin many students’ efforts.

Thus when the situation is considered by a “rational actor”, in the student’s position it actually makes more sense to be dishonest than honest… By the same consideration in the invigilator / proctor’s position it makes rather more sense not to use such systems, and in fact fundamentally reconsider the examination / testing methods of students…

But that is not the message politicians want to hear because it goes against their “cherished notions” thus cognitive bias…

[1] Traditionally proctoring falls in to two parts, on the day “isolation” techniques and subsequent “content appraisal” which is a value judgement based on experience. Modern coursework appraising systems that look for “plagiarism” are now being applied to exams to replace the “content appraisal”. Such systems are more notable for their failings than their successes which is hardly surprising.

[2] The Internet and legal profession have turned honour codes into fairly intricate and lengthy documents. Some however still remain readable, but length is another matter. This page is just the subsection for open book exams,

https://www.ox.ac.uk/students/academic/exams/open-book/honour-code

Back a few years ago such separate signed statements did not exist, nor needed to be.

[3] On the subject of reorganisation there are pithy quotes that are claimed to have come from Roman statesmen of two millennia ago. However,

https://quoteinvestigator.com/2013/11/12/reorganizing/

But for people that can reason probably the most apt military quote about incompetent management is the one that says “If it moves salute it, If it does not move paint it”.

Robin November 13, 2020 2:56 AM

@metaschima, @Clive

Yes, instead of worrying about the proctoring, maybe we should focus on the nature of the tests and not try to emulate a human-based system using machines.

Many years ago I took an MSc in an engineering subject and to my delight discovered it was an ‘open book’ exam. We all went into the exam carrying – in some cases – suitcases full of lecture notes, text-books, etc. I carried a modest – but still substantial – amount of information. (Pre-laptop days, BTW).

The sting was, though, that (a) there was not enough time to leaf through pages of notes to find the ‘right’ answer, and (b) carrying a ton of factual information did not help to reason out a solution to a new problem. One needed to actually understand the topic and know how to use that understanding. Shock horror. Nearly all of us came out of the exam not having touched the reference material. There were a few cases where we had double-checked a formula or similar, dry, fact.

I understand that not all subjects lend themselves to this sort of test, but maybe we should be moving in that direction.

metaschima November 13, 2020 2:13 PM

@Robin

Yes, I have also taken open book exams and indeed you cannot really use the reference material as much as you think because of the time limit and honestly if you haven’t read the material you will most definitely not pass. More useful would be notes that you have written, condensed material that helps you find information faster, but then you are usually the one who wrote the notes otherwise it won’t be a whole lot more useful than a textbook. Given all this I think open book exams are the way to go.

Security Sam November 14, 2020 4:19 PM

The new online exam proctoring
Is prone to random doctoring
Where a simple case of outlier
Transforms a lawyer into a liar.
